MiracleLinux 8 : poppler-20.11.0-6.el8 (AXSA:2023-5901:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5901:03 advisory. poppler: integer overflow in JBIG2 decoder using malformed files CVE-2022-38784 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : git-lfs-3.4.1-4.el9_4 (AXSA:2024-8856:07)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8856:07 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

MiracleLinux 9 : golang-1.17.12-1.el9, go-toolset-1.17.12-1.el9 (AXSA:2022-4035:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4035:01 advisory. golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: net/http: improper sanitization of Transfer-Encoding header...

dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file

Overview drflac, an open-source FLAC audio decoder, part of the drlibs audio decoder toolset, contains an integer overflow vulnerability allowing for denial of service DoS when provided a specific crafted file. An attacker can exploit this vulnerability through providing a tool that uses drflac a...

MiracleLinux 9 : buildah-1.33.9-1.el9_4 (AXSA:2024-8904:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8904:08 advisory. go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion CVE-2024-34155...

MiracleLinux 7 : poppler-0.26.5-43.1.0.1.el7.AXS7 (AXSA:2024-8643:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8643:05 advisory. CVE-2022-38784: fix integer overflow in JBIG2 decoder CVEs: CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2...

MiracleLinux 8 : git-lfs-3.4.1-3.el8_10 (AXSA:2024-8855:06)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8855:06 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

MiracleLinux 9 : grafana-9.2.10-17.el9_4 (AXSA:2024-8844:13)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8844:13 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2023-5973:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5973:01 advisory. python: int type in PyLongFromString does not limit amount of digits converting text to int leading to DoS CVE-2020-10735 python: open redirection...

Libheif uncompressed codec lacks bounds check leading to application crash

Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory...

MiracleLinux 7 : tigervnc-1.8.0-21.el7 (AXSA:2020-559:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-559:04 advisory. tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder CVE-2019-15691 tigervnc: Heap buffer overflow triggered from...

MiracleLinux 9 : skopeo-1.16.1-2.el9_5 (AXSA:2024-9497:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9497:07 advisory. encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156...

CVE-2026-23833

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

CVE-2026-23833

ESPHome CVE-2026-23833: An integer overflow in the API component protobuf decoder (bounds check ptr + field_length in components/api/proto.cpp) allows denial-of-service by sending a large field_length. Affects ESPHome versions 2025.9.0–2025.12.6 across all supported devices (ESP32/ESP8266/RP2040/...

CVE-2026-23833 ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

PT-2026-3475

Name of the Vulnerable Software and Affected Versions ESPHome versions 2025.9.0 through 2025.12.6 Description ESPHome is a system for remote microcontroller control via Home Automation systems. An integer overflow in the API component’s protobuf decoder can lead to denial-of-service attacks when...

ESPHome Input Validation Vulnerability

ESPHome is an open-source system for configuring and managing smart hardware. It is used to control Esp8266/Esp32 hardware, enabling home automation control. The version 2025.9.0 to 2025.12.6 of ESPHome contains a vulnerability related to input validation errors. This vulnerability stems from...

PT-2026-3528

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-13 and 6.9.13-38 Description ImageMagick is a free and open-source software used for editing and manipulating digital images. A heap buffer overflow vulnerability exists in the XBM image decoder ReadXBMImage...

Debian dla-4440 : ffmpeg - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4440 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4440-1 [email protected]...

[SECURITY] [DLA 4440-1] ffmpeg security update

Debian LTS Advisory DLA-4440-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara January 16, 2026 https://wiki.debian.org/LTS Package : ffmpeg Version : 7:4.3.9-0+deb11u2 CVE ID : CVE-2023-6603 CVE-2024-36615 CVE-2025-1594 CVE-2025-7700 CVE-2025-9951...